Administrator

Backend Farm Section

The backend farm section specifies the properties of a backend server farm (a group of homogeneous backend servers).

A client making a request through the Relay Server farm must specify the backend server farm it is targeting. There is one backend farm section for each backend server farm. Each section is identified by the backend_farm keyword.

Property Description
description

(Optional) Specifies a custom description of up to 2048 characters.

enable

(Optional) Specifies whether to allow connections from this backend server farm.

  • yes

    (Default) Allow connections from this backend server farm.

  • no

    Disallow connections from this backend server farm.

forward_x509_identity

Controls how the SAP NetWeaver Gateway authenticates clients. One way is through X.509 certificate forwarding through trusted intermediaries. When this property is set to yes, the Relay Server can extract forwarded client identity information from a trusted forwarder and forward it to the SAP NetWeaver Gateway or Web Dispatcher by using HTTP headers. The default setting is no.

forwarder_certificate_issue

Controls how client identity headers are treated. When a chain of SAP intermediaries exists, the client identity headers may already be present in the request. However, not all clients may be granted permission to act as forwarders. The default behavior is to replace the existing headers with the identity of the forwarder. To grant permission for a forwarder to forward other client identities, set forwarder_certificate_issuer=<match-string> and forwarder_certificate_subject=<match-string>, where <match-string> is checked against a serialized form of the corresponding compound name field in the certificate. Use ? to match any character and * to match any string. Use \ as the leading escape character for ?, *, or \ to match them literally. For example:

forwarder_certificate_issuer = 'CN = quicksigner, OU = security department, O = my org, L = my city, S = my state, C = my country'
forwarder_certificate_subject

UNDER CONSTRUCTION. In the case where a chain of SAP intermediaries exists, the client identity headers may already be present in the request. However, not all clients may be granted permission to act as forwarders. The default behavior is to replace the existing headers with the identity of the forwarder. To grant permission for a forwarder to forward other client identities, set forwarder_certificate_issuer=<match-string> and forwarder_certificate_subject=<match-string>, where <match-string> is checked against a serialized form of the corresponding compound name field in the certificate. Use ? to match any character and * to match any string. Use \ as the leading escape character for ?, *, or \ to match them literally. For example:

forwarder_certificate_subject = 'CN = mySapWD??.my.com, OU = SEC, O = SAP, *'
id

Specifies the name up to 2048 characters for the backend server farm.

inject_affinity_query_header

(Optional) Provides backward compatibility with the Afaria Open Mobile Alliance Device Management (OM ADM) backend server.

  • yes

    Provides backward compatibility.

  • no

    (Default) Does not provide backward compatibility.

If no value is specified, then you can connect by using HTTP or HTTPS.

token (Optional) A security token of up to 2048 characters that the Relay Server uses to authenticate the backend server connection.
verbosity

Sets the verbosity for the backend farm.

  • 0

    (Default) Log errors only. Use this logging level for deployment.

  • 1

    Request logging. All HTTP requests are written to the Relay Server log file.

  • 2

    Request logging. Provides a more detailed view of HTTP requests.

  • 3 or higher

    Detailed logging. Used primarily for Technical Support.

Errors are displayed regardless of the log level specified, and warnings are displayed only if the log level is greater than 0.